Friday, June 29, 2018

My Dell DA300 6-in-1 USB-C mobile adapter

My Dell Inspiron 5370 laptop has limited output ports as a trade-off for its slim and lightweight design. It only has 1 USB 3.1 Gen 1 (Type-C) port with Power Delivery/DisplayPort, 1 HDMI 1.4b port and 1 combo audio port.

This means that it can only connect to the network over a WiFi connection, as there is no Ethernet port. It also cannot output its display to a projector through a VGA connector unless an adapter is used to convert its HDMI output to VGA.

Luckily, Dell has made available a DA300 6-in-1 USB-C mobile adapter which is able to convert the USB-C port of the laptop into:

  • HDMI 2.0 port that supports 4K display output
  • DisplayPort (DP) 1.4 that supports 4K display output
  • VGA port that supports 1080p full HD display output
  • Ethernet network port that supports MAC address pass-through, PXE Boot, and Wake-On-LAN
  • USB-A port with up to 10 Gbps data transfer speed
  • USB-C port with up to 10 Gbps data transfer speed

This Dell DA300 mobile adapter is plug-and-play on supported Windows 10 computers. It can be used straight away without installing any driver.

It offers seamless video, network, and data connectivity in a neat, compact design. Its price of around RM300 is quite reasonable for its 6-in-1 functions and its innovative design.

Wednesday, June 27, 2018

About the Cyber Kill Chain

The Cyber Kill Chain introduced by Lockheed Martin is a cybersecurity model that describes, in general terms, how a computer intrusion (hacking) through an IT network is carried out in 7 distinct stages. It was developed from military thinking about attacks.

However, there is no common SOP for cyber-attacks, and hackers do not necessarily follow the Cyber Kill Chain's sequence of planning and action in their attacks.

The model is nevertheless useful for planning cyber-defense strategies and measures, and for cyber-threat analysis of a networked computer system.

The 7 stages in Cyber Kill Chain are:

  • Reconnaissance - the victim is observed, analyzed and studied by the attacker.
  • Weaponization - tools are developed or obtained to exploit the weaknesses found in the victim.
  • Delivery - the "weapon" is deployed to the targeted victim.
  • Exploitation - once the "weapon" is successfully deployed, it starts working by looking for vulnerabilities in the victim's computer system.
  • Installation - at this stage, access is silently obtained by the "weapon". It will find its way to communicate with the attacker over the computer network. Normally, a backdoor is established to enable this link.
  • Command and Control - remote access to the victim's computer system is made available to the attacker. The attacker can take over control of the compromised system and issue commands to it.
  • Actions on Objectives - with the control, the attacker is able to proceed with the objectives of the attack, such as data exfiltration, data destruction, data encryption for ransom, etc.



With reference to this model, the defending party can plan to counter the attack using the famous 4 Fs strategy, namely:
  • Find the enemy
  • Fix the enemy
  • Fight the enemy
  • Finish the enemy
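
One way a defender can put the seven stages to work, shown as an added Python example that is not part of the original post: map alerts to stages, report how far an intrusion progressed on each host, and list stages that have no detection at all. The alert type names, host names and sample alerts are constructed assumptions.

```python
from collections import defaultdict

# The seven stages, in the order the post lists them.
STAGES = ["Reconnaissance", "Weaponization", "Delivery", "Exploitation",
          "Installation", "Command and Control", "Actions on Objectives"]

# Assumed mapping from hypothetical alert types to kill-chain stages.
ALERT_STAGE = {
    "port_scan": "Reconnaissance",
    "phishing_attachment": "Delivery",
    "exploit_signature": "Exploitation",
    "new_autorun_entry": "Installation",
    "beacon_to_rare_domain": "Command and Control",
    "bulk_outbound_transfer": "Actions on Objectives",
}

# Constructed sample alerts: (host, alert_type).
ALERTS = [
    ("ws-017", "port_scan"),
    ("ws-017", "phishing_attachment"),
    ("ws-017", "new_autorun_entry"),
    ("ws-017", "beacon_to_rare_domain"),
    ("srv-02", "port_scan"),
    ("srv-02", "unknown_type"),
]

def triage(alerts):
    """Per host: deepest stage observed, and earlier stages that raised no alert."""
    seen = defaultdict(set)
    for host, kind in alerts:
        stage = ALERT_STAGE.get(kind)
        if stage is not None:              # unmapped alert types are ignored
            seen[host].add(STAGES.index(stage))
    report = {}
    for host, idxs in seen.items():
        deepest = max(idxs)
        missed = [STAGES[i] for i in range(deepest) if i not in idxs]
        report[host] = {"deepest": STAGES[deepest], "missed": missed}
    return report

def coverage_gaps():
    """Stages for which no alert type is mapped at all."""
    covered = set(ALERT_STAGE.values())
    return [s for s in STAGES if s not in covered]

if __name__ == "__main__":
    print(triage(ALERTS))
    print(coverage_gaps())
```

A "missed" stage means the intrusion passed through it without raising an alert, which is where new detections are worth adding.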

Thursday, June 21, 2018

Cryptography - the essential technique in today's computing world

Cryptography is the method of converting plaintext information into a non-human-readable form called ciphertext through a process called encryption, and of converting the ciphertext back to its original form through the reverse process called decryption.

Today, knowledge of cryptography is crucial for every computer programmer and computer engineer. It is applied everywhere in cyberspace, and it is a sin of omission if it is not applied properly to provide cybersecurity protection in the areas of confidentiality, integrity, authentication, and non-repudiation.

Cryptography is an integral part of blockchains and crypto-currencies such as Bitcoin, Ethereum, etc. It is used to secure data transmission in WiFi communication, 4G LTE networks, HTTPS web access, etc. It is also extensively used to secure file systems in Apple iOS, Windows Bitlocker, SSD encryption, etc. It enables the implementation of digital signatures.

Cryptography makes use of digital key(s) to perform the encryption and decryption process. There is one kind of cryptography called hashing which does not make use of any key, and whose ciphertext cannot be reversed to the original information.


Keyless Cryptography (Hashing)
Hashing is a one-way function that converts its input message into an irreversible string of text called a hash or digest, which normally has a length much shorter than the input message. The key concept of hashing is that the generated digest is unique to the input message, so that the same input message will always generate the same digest, and different input messages will not generate the same digest.

Hashing is commonly used:
  • To store passwords for identity authentication
  • To generate a checksum or fingerprint to verify that the original information has not been tampered with or changed
  • In database and data storage for more efficient data searching
  • In computer geometrics and computer graphics

Examples of hashing function are:
  • MD5 (Message Digest 5) - designed to replace the earlier versions MD2 and MD4. Still commonly used even though MD6 has been around to replace it.
  • SHA-3 (Secure Hash Algorithm 3) - winner of the NIST hash function competition. Commonly used in digital certificates. Supersedes the earlier versions SHA-0, SHA-1 and SHA-2.
  • BLAKE2 - used in RAR compressed file checksums. Supersedes the earlier version, BLAKE.
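
The two security uses listed above, tamper-evident fingerprints and password storage, as an added Python example that is not code from the original post. For passwords it goes one step beyond a bare hash by adding a random salt and using the slow PBKDF2 construction from the standard library; the function names, iteration count and sample messages are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

def fingerprints(data: bytes) -> dict:
    """Digests of the same input under two of the functions named above."""
    return {
        "sha3_256": hashlib.sha3_256(data).hexdigest(),
        "blake2b": hashlib.blake2b(data, digest_size=32).hexdigest(),
    }

def is_unchanged(data: bytes, expected: dict) -> bool:
    """Recompute the digests and compare them in constant time."""
    actual = fingerprints(data)
    return all(hmac.compare_digest(actual[k], expected[k]) for k in expected)

def hash_password(password: str, salt: bytes = None, iterations: int = 200_000):
    """Return (salt, iterations, derived_key); store these, never the password."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_password(password: str, record) -> bool:
    """Re-derive the key with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    original = b"transfer RM300 to account 1234"     # constructed sample message
    published = fingerprints(original)
    print(is_unchanged(original, published))
    print(is_unchanged(b"transfer RM900 to account 1234", published))
    record = hash_password("correct horse battery staple")
    print(verify_password("correct horse battery staple", record))
    print(verify_password("guess", record))
```

Because each record carries its own salt, two users with the same password end up with different stored keys.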


Symmetric Key Cryptography (Private Key Cryptography)
The same private key is used for message encryption and decryption.

It is commonly used in secured data transmission, such as SSH, WiFi with password, 4G LTE communication, etc.

Examples of symmetric key cryptography are:
  • DES (Data Encryption Standard) - designed by IBM in the 1970s. A modern supercomputer is able to decrypt DES-encrypted information within just a few days. Still commonly used in smart cards, SIM cards, etc.
  • 3DES (Triple DES) - a more secure version of DES.
  • IDEA (International Data Encryption Algorithm) - commonly used in Pretty Good Privacy (PGP) email signing and secured email transfer.
  • ThreeFish - the successor of Blowfish and TwoFish. Commonly used in SSH secured remote access.
  • RC6 (Rivest cipher 6) - designed by RSA Security, patent just expired in 2017. Commonly used for secured data transmission and in bank ATM machines. It is the successor of RC2, RC4, RC5.
  • AES (Advanced Encryption Standard) - commonly used by the USA government and the commercial sector to protect top secret documents.

Asymmetric Key Cryptography (Public Key Cryptography)
This kind of cryptography uses a key pair: the private key, which should be kept secret by its owner, and the public key, which needs to be known by others.

In the scenario of digital signing, the private key is used to sign the digital document, and the public key is used to verify the digital signature.

In the scenario of data encryption, the public key is used to encrypt the document to be sent to the private key owner, and the encrypted document can only be decrypted using the corresponding private key.

It is commonly used in Secure Socket Layer (SSL), Transport Layer Security (TLS), S/MIME, digital signature, blockchains and crypto-currencies.

Examples of asymmetric key cryptography are:
  • RSA (Rivest-Shamir-Adleman) - named after its 3 designers. Patent expired in 2000. Compared with DSA, it is slower in digital signing and faster in verification.
  • DSA (Digital Signature Algorithm) - patented but can be used royalty free. Commonly used in SSH and digital signature. Compared with RSA, it is faster in digital signing and slower in verification.
  • ECC (Elliptic Curve Cryptography) - derived from DSA and based on Elliptic Curves theory. Commonly used in Bitcoin, Ethereum, iOS, etc.
  • Diffie-Hellman - is used for public key exchange and not for digital signing or data encryption.
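
The two key-pair scenarios described above (sign with the private key and verify with the public key; encrypt with the public key and decrypt with the private key), as an added Python example that is not code from the original post. It uses textbook RSA with a deliberately small key built from two Mersenne primes and no padding, so it shows the roles of the keys only; production RSA uses keys of 2048 bits or more with OAEP or PSS padding from a vetted library. All names and sample values are assumptions.

```python
import hashlib

# Toy key pair for illustration: ~150-bit modulus from two Mersenne primes.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q
E = 65537                                   # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)      # shared with everyone
PRIVATE_KEY = (N, D)     # kept secret by the owner

def _digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha3_256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Digital signing: only the private key holder can produce this value."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)

def encrypt(plaintext: bytes, public_key) -> int:
    """Encryption to the key owner uses the owner's public key."""
    n, e = public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext: int, private_key, length: int) -> bytes:
    """Only the private key recovers the plaintext."""
    n, d = private_key
    return pow(ciphertext, d, n).to_bytes(length, "big")

if __name__ == "__main__":
    doc = b"I agree to the contract"         # constructed sample document
    sig = sign(doc, PRIVATE_KEY)
    print(verify(doc, sig, PUBLIC_KEY))
    print(verify(b"I agree to the c0ntract", sig, PUBLIC_KEY))
    secret = b"k3y-material"                 # constructed sample plaintext
    ct = encrypt(secret, PUBLIC_KEY)
    print(decrypt(ct, PRIVATE_KEY, len(secret)))
```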
